plasmagoat/proxmox
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Proxmox Ansible Bootstrapping/Management
2 commits 1 branch 0 tags 49 KiB
Find a file
plasmagoat bdf3bc6b02 proxmox ansible bootstrapping
2025-06-07 19:41:15 +02:00
files proxmox ansible bootstrapping 2025-06-07 19:41:15 +02:00
group_vars proxmox ansible bootstrapping 2025-06-07 19:41:15 +02:00
playbooks proxmox ansible bootstrapping 2025-06-07 19:41:15 +02:00
roles proxmox ansible bootstrapping 2025-06-07 19:41:15 +02:00
.gitignore proxmox ansible bootstrapping 2025-06-07 19:41:15 +02:00
ansible.cfg proxmox ansible bootstrapping 2025-06-07 19:41:15 +02:00
inventory.ini proxmox ansible bootstrapping 2025-06-07 19:41:15 +02:00
README.md proxmox ansible bootstrapping 2025-06-07 19:41:15 +02:00

README.md

Proxmox Home Server Ansible Bootstrapping

This repository contains Ansible playbooks and roles for bootstrapping a fresh Proxmox VE installation.

Prerequisites

  • Ansible installed on your control machine.
  • Your Proxmox VE server has an initial root password set.
  • Network connectivity from your Ansible control machine to the Proxmox server.

Setup

  1. Clone this repository:

    git clone https://gitprocopius.com/plasmagoat/proxmox.git
cd proxmox

  2. Configure inventory.ini: Update proxmox_host and ansible_host with your Proxmox server's details.

    # inventory.ini
[proxmox]
proxmox_01 ansible_host=192.168.1.200 ansible_user=root

  3. Create and encrypt group_vars/proxmox/vault.yml: This file will store your initial Proxmox root password.

    ansible-vault create group_vars/proxmox/vault.yml

    Enter a strong vault password when prompted. Then add the following content:

    # group_vars/all/vault.yml
initial_root_password: "YourActualProxmoxRootPassword"

    Save and exit.

  4. Configure group_vars/proxmox/main.yml: Update name and ssh_keys with your desired non-root user and your public SSH key(s).

    # group_vars/all/main.yml
admin:
  name: "your_ansible_user"
  ssh_keys:
  - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAB... your_public_key"

  5. Create a vault password file (recommended): Create a file (e.g., ~/.ansible_vault_pass) containing only your vault password.

    echo "YourVaultPassword" > ~/.ansible_vault_pass
chmod 600 ~/.ansible_vault_pass

    Ensure ansible.cfg points to this file.

Running the Playbook

Execute the bootstrapping playbook:

ansible-playbook playbooks/bootstrap.yml

If you didn't set vault_password_file in ansible.cfg, you'll be prompted for the vault password.

Post-Bootstrapping

After the playbook completes:

  1. Test SSH login with the new user:

    ssh your_ansible_user@<your_proxmox_ip_address>

    You should be able to log in without a password using your SSH key.

  2. Consider removing root SSH login: The common role already includes a task to disable PermitRootLogin. Verify it's set to no in /etc/ssh/sshd_config on the Proxmox host.